<?php
# !!!!!!!!!! DON'T MAKE ANY CHANGE IF YOU DON'T KNOW WHAT YOU'RE DOING !!!!!!!!!!
// --------------------------------------------------------------------------------------------------------------
// File Name              :	ajax.php
// Last Modification Time	:	2008-02-01 24:00
// Last Modified by       :	turker (turker.biz@gmail.com)
// list of modifications  :
//
//	- 2008-02-01 turker
//		* 24:00 file created.
//
// --------------------------------------------------------------------------------------------------------------

if (@empty($_POST['do'])) {
  header('Location:'.$SITE_URL);
  exit();
}
foreach ($_POST as $key=>$val) {
  if (!is_array($_POST[$key])) $_POST[$key]=trim($val);
}
extract($_POST,EXTR_OVERWRITE);

if ($do=='checkLogin') { # login.php
  $email=$mysql->escape($email);
  $pass=md5(strrev(md5($mysql->escape($pass))));
  $q=$mysql->query("select level from $USERS_TABLE where email='$email' and password='$pass'");
  if ($mysql->numRows($q)!=1) echo $_LANG['ajax']['msg1'];
  else {
    $level=$mysql->result($q,'level');
    if ($level>0) echo 'ok';
    else echo $_LANG['ajax']['msg2'];
  }
}
elseif ($do=='checkReg') { # register.php
  $email=$mysql->escape($email);
  $q=$mysql->query("select id from $USERS_TABLE where email='$email'");
  if ($mysql->numRows($q)>0) echo 'error';
  else echo 'ok';
}
elseif ($do=='catdel') { # category.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("select count(id) as total from $ITEM_CATS_TABLE where cat_id='$id'");
    $total=$mysql->result($q,'total');
    if ($total>0) echo 'Bu kategori içinde ürün(ler) olduğundan silemezsiniz!';
    else  {
      $q=$mysql->query("select count(id) as total from $CATEGORIES_TABLE where parent='$id'");
      $total=$mysql->result($q,'total');
      if ($total>0) echo 'Bu kategori altında başka kategori(ler) olduğundan silemezsiniz!';
      else {
        $q=$mysql->query("delete from $CATEGORIES_TABLE where id='$id'");
        if ($q) {
          $mysql->query("delete from $ITEM_CATS_TABLE where cat_id='$id'");
          echo 'Kategori silindi';
        }
        else echo 'Hata oluştu, Daha sonra tekrar deneyin';
      } // else
    } // else
  } // if
  else echo 'geçersiz işlem';
}
elseif ($do=='catedit') { # category.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("select * from $CATEGORIES_TABLE where id='$id'");
    if ($mysql->numRows($q)>0) {
      // id, title, info, name, active, parent, order, lang, date
      $read=$mysql->fetch($q);
      $title=$prep->html($read['title']);
      $info=$prep->html($read['info']);
      $order=$read['order'];
      $lang=$read['lang'];
      $active=$read['active'];
      $dil=listLangs($lang);
      $checked='';
      if ($active==1) $checked='checked';
      $title=str_replace("'","\'",$title);
      $info=str_replace("'","\'",$info);

      echo 'cat_div.html(\'<form class="box" id="cateditform"><input type="hidden" name="id" value="'.$id.'" />'
          .'<label>Başlık:</label> <input type="text" maxlength="75" name="title" id="title" value="'.$title.'" /><br />'
          .'<label>Açıklama:</label> <input type="text" maxlength="150" name="info" id="info" class="input-text" value="'.$info.'" /><br />'
          .'<label>Sıra:</label> <input type="text" maxlength="5" name="order" id="order" class="input-mini" value="'.$order.'" />'
          .'&nbsp;&nbsp; Dil: '.$dil.'&nbsp;&nbsp;&nbsp;&nbsp;Aktif: '
          .'<input type="checkbox" name="active" id="active" value="1" class="checkbox" '.$checked.' /><br />'
          .'<label></label><input type="button" value=" Değişiklikleri Kaydet " id="saveform" class="input-submit" onclick="saveForm(\\\'cateditform\\\',\\\'cat\\\');" /></form>\');';
    }
    else echo 'alert("geçersiz kategori");';
  } // if
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='catupdate') { # category.php
  $id=(int)$id;
  $valid->inRange($title,75,1,'Başlık doldurulmalı ve en fazla 75 karakter olmalıdır.');
  $valid->inRange($info,150,1,'Açıklama doldurulmalı ve en fazla 150 karakter olmalıdır.');
  $valid->inRange($order,5,1,'Sıra doldurulmalı ve en fazla 5 karakter olmalıdır.');
  $valid->isNumber($order,'Sıra sadece rakam olmalıdır.');
  $valid->isNumber($id,'geçersiz işlem');

  if ($valid->isError()) $valid->listErrors();
  else {
    // id, title, info, name, active, parent, order, lang, date
    foreach ($_POST as $key=>$val) $_POST[$key]=$mysql->escape($val);
    extract($_POST,EXTR_OVERWRITE);
    $name=makeNicer($title);
    $name=checkNiceName($name,$CATEGORIES_TABLE,'update',$id);
    $date=time()+(60*$TIME_CORRECTION);
    if (!$active) $active=0;

    $q=$mysql->query("update $CATEGORIES_TABLE set title='$title',info='$info',name='$name',active='$active',`order`='$order',lang='$lang',date='$date' where id='$id'");
    if ($q) echo 'Kategori bilgileri güncellendi.';
    else echo 'Hata, daha sonra tekrar deneyin';
  }
  $valid->resetErrors();
}
elseif ($do=='pagedel') { # page.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("delete from $PAGES_TABLE where id='$id'");
    if ($q) echo 'Sayfa silindi';
    else echo 'Hata oluştu, Daha sonra tekrar deneyin';
  }
  else echo 'geçersiz işlem';
}
elseif ($do=='pageedit') { # page.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("select * from $PAGES_TABLE where id='$id'");
    if ($mysql->numRows($q)>0) {
      // id, title, content, info, name, date, order, active, lang
      $read=$mysql->fetch($q);
      $title=$prep->html($read['title']);
      $info=$prep->html($read['info']);
      $content=$prep->html($read['content']);
      $order=$read['order'];
      $lang=$read['lang'];
      $active=$read['active'];
      $dil=listLangs($lang);
      $checked='';
      if ($active==1) $checked='checked';
      $title=str_replace("'","\'",$title);
      $info=str_replace("'","\'",$info);
      $content=str_replace("'","\'",$content);

      echo '$("#page_edit_div").html(\'<form class="box" id="pageeditform"><input type="hidden" name="id" value="'.$id.'" />'
          .'<label>Başlık:</label> <input type="text" maxlength="25" name="title" id="title" value="'.$title.'" /><br />'
          .'<label>Açıklama:</label> <input type="text" maxlength="100" name="info" id="info" class="input-text" value="'.$info.'" /><br />'
          .'<label>İçerik:</label> <textarea name="content" id="content" rows="15" class="textarea">'.$content.'</textarea><br />'
          .'<label>Sıra:</label> <input type="text" maxlength="5" name="order" id="order" class="input-mini" value="'.$order.'" />'
          .'&nbsp;&nbsp; Dil: '.$dil.'&nbsp;&nbsp;&nbsp;&nbsp;Aktif: '
          .'<input type="checkbox" name="active" id="active" value="1" class="checkbox" '.$checked.' /><br />'
          .'<label></label><input type="button" value=" Değişiklikleri Kaydet " id="saveform" class="input-submit" onclick="saveForm(\\\'pageeditform\\\',\\\'page\\\');" /></form>\');';
    }
    else echo 'alert("geçersiz sayfa");';
  } // if
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='pageupdate') { # page.php
  $id=(int)$id;
  $valid->inRange($title,25,1,'Başlık doldurulmalı ve en fazla 25 karakter olmalıdır.');
  $valid->inRange($info,100,1,'Açıklama doldurulmalı ve en fazla 100 karakter olmalıdır.');
  $valid->inRange($content,65555,1,'İçerik doldurulmalı ve en fazla 65555 karakter olmalıdır.');
  $valid->inRange($order,5,1,'Sıra doldurulmalı ve en fazla 5 karakter olmalıdır.');
  $valid->isNumber($order,'Sıra sadece rakam olmalıdır.');
  $valid->isNumber($id,'geçersiz işlem');

  if ($valid->isError()) $valid->listErrors();
  else {
    // id, title, content, info, name, date, order, active, lang
    foreach ($_POST as $key=>$val) $_POST[$key]=$mysql->escape($val);
    extract($_POST,EXTR_OVERWRITE);
    $name=makeNicer($title);
    $name=checkNiceName($name,$PAGES_TABLE,'update',$id);
    $date=time()+(60*$TIME_CORRECTION);
    if (!$active) $active=0;

    $q=$mysql->query("update $PAGES_TABLE set title='$title',content='$content',info='$info',name='$name',active='$active',`order`='$order',lang='$lang',date='$date' where id='$id'");
    if ($q) echo 'Sayfa bilgileri güncellendi.';
    else echo 'Hata, daha sonra tekrar deneyin'.$mysql->mysqlRaiseError();
  }
  $valid->resetErrors();
}
elseif ($do=='exdel') { # add.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("select count(id) as total from $ITEM_PRICES_TABLE where exchange_id='$id'");
    $total=$mysql->result($q,'total');
    if ($total>0) echo 'alert("Bu kuru kullanan ürün olduğu için silemezsiniz!");';
    else {
      $q=$mysql->query("delete from $EXCHANGES_TABLE where id='$id'");
      if (!$q) echo 'alert("hata!!!")';
      else {
        $q=$mysql->query("select id from $BASKET_TABLE where exchage_id='$id'");
        while ($read=$mysql->fetch($q)) {
        	$bid=$read['id'];
          $mysql->query("update $ORDERS_TABLE set basket_ids=replace(basket_ids,'|$bid','');");
          $mysql->query("update $ORDERS_TABLE set basket_ids=replace(basket_ids,'$bid|','');");
        }
        $mysql->query("delete from $BASKET_TABLE where exchage_id='$id'");
        $mysql->query("delete from $ITEM_PRICES_TABLE where exchage_id='$id'");
        echo 'alert("Kur silindi");';
        echo '$("#sira'.$id.'").remove();';
      }
    } // else
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='exedit') { # add.php
  $id=(int)$id;
  if ($id>0) {
    // id, name, exchange, date, active
    $q=$mysql->query("select * from $EXCHANGES_TABLE where id='$id'");
    if ($mysql->numRows($q)>0) {
      $read=$mysql->fetch($q);
      $name=$prep->html($read['name']);
      $exchange=$prep->html($read['exchange']);
      $active=$read['active'];
      $name=str_replace("'","\'",$name);

      $out="$('#name').val('$name');";
      $out.="$('#exchange').val('$exchange');";
      $out.="$('#exsave').val('Kuru Güncelle');";
      $out.="$('#do').val('update');";
      $out.="$('#id').val('$id');";
      if ($active!='1') $out.="$('#active').attr('checked','');";
      echo $out;
    }
    else echo 'alert("geçersiz işlem");';
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='photoselect') { # add.php
  $start=@(int)$start;
  $dir='../img';
  $limit=5;

  # toplam foto adedini bul
  $total=1;
  $handle=opendir($dir);
  while (false!==($file=readdir($handle))) {
    if ($file!='.'&&$file!='..'&&stristr($file,'.jpg')) $total++;
  }
  closedir($handle);
  # /toplam foto adedini bul

  # sayfa linklerini olsutur
  $pages='';
  $total=round($total/$limit);
  if ($total>1) {
    for ($i=0;$i<$total;$i++) {
      $pages.='<a href="javascript:void(0);" onclick="photoSelect('.$i.');">'.($i+1).'</a> ';
    }
  }
  # /sayfa linklerini olsutur

  # fotoları hazirla
  $return='';
  $start=$start*5;
  $end=$start+$limit;
  $i=0;
  $handle=opendir($dir);
  while (false!==($file=readdir($handle))) {
    if ($file!='.'&&$file!='..'&&stristr($file,'.jpg')) {
      if ($i>=$start&&$i<=$end) {
        $return.='<a href="javascript:void(0);" onclick="setImage(\\\''.$file.'\\\');"><img src="img/'.$file.'" /></a> ';
        $_SESSION['imgList'][]=$file;
      }
      $i++;
    }
    if ($i==$end) break;
  }
  closedir($handle);
  # /fotoları hazirla

  $return='<br /><a href="javascript:void(0);" onclick="$(this).parent().remove();">KAPAT</a><br />'.$pages.'<br /><br />'
          .$return.'<br /><a href="javascript:void(0);" onclick="$(this).parent().remove();">KAPAT</a><br /><br />';
  echo '$("#photoselect").html(\''.$return.'\')';
}
elseif ($do=='photodel') {
  if (!empty($image)) {
    $key=array_search($image,$_SESSION['imgList']);
    if (is_int($key)) {
      unset($_SESSION['imgList'][$key]);
      echo '$("a[alt=\'"+image+"\']").remove();';
      echo '$("img[alt=\'"+image+"\']").remove();';
    }
  }
}
elseif ($do=='catselect') { # add.php
  $catid=(int)$catid;
  $out='<br />';
  if ($catid>0) {
    $q=$mysql->query("select parent from $CATEGORIES_TABLE where id='$catid'");
    $parent=$mysql->result($q,'parent');
    $out='<a href="javascript:void(0);" title="Bir Üst Kategori" onclick="catSelect('.$parent.')">Üst Kategori</a><br /><br />';
  }
  $q=$mysql->query("select * from $CATEGORIES_TABLE where parent='$catid' order by title asc");
  if ($mysql->numRows($q)>0) {
    while ($read=$mysql->fetch($q)) {
      $id=$read['id'];
      $parent=$read['parent'];
      $title=$prep->html($read['title']);
      $title=str_replace("'","\'",$title);

      $checked='';
      if (isset($_SESSION['makeselection'][$id])) $checked='checked';
      $out.='<input type="checkbox" id="choice_'.$id.'" onclick="makeSelection('.$id.');" '.$checked.' /> ';
      $out.='<a href="javascript:void(0);" onclick="catSelect('.$id.');">'.$title.'</a><br />';
    }
  }
  else $out.='Alt kategori yok.';
  $out.='<br /><br /><a href="javascript:void(0);" onclick="$(this).parent().remove();">KAPAT</a><br />';
  echo '$("#selectdiv").html(\''.$out.'\')';
}
elseif ($do=='makeselection') { # add.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("select title from $CATEGORIES_TABLE where id='$id'");
    $title=$prep->html($mysql->result($q,'title'));
    if ($check=='1') $_SESSION['makeselection'][$id]=$title;
    else unset($_SESSION['makeselection'][$id]);

    $ids=array();
    $titles=array();
    foreach ($_SESSION['makeselection'] as $key=>$val) {
      $ids[]=$key;
      $titles[]=$val;
    }
    $ids=implode(',',$ids);
    $titles=implode(', ',$titles);
    $titles=str_replace("'","\'",$titles);
    if (!empty($ids)) {
      echo '$("#listcats").text("'.$titles.'");';
      echo '$("#cats").val("'.$ids.'");';
    }
    else {
      echo '$("#listcats").text("");';
      echo '$("#cats").val("0");';
    }
  }
}
elseif ($do=='branddel') { # add.php
  $id=(int)$id;
  if ($id>0) {
    $q=$mysql->query("delete from $BRANDS_TABLE where id='$id'");
    if (!$q) echo 'alert("hata!!!")';
    else {
      $mysql->query("delete from $ITEMS_TABLE where brand_id='$id'");
      echo 'alert("Marka silindi");';
      echo '$("#brand'.$id.'").remove();';
    }
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='brandedit') { # add.php
  $id=(int)$id;
  if ($id>0) {
    // id, title, name, image, date, order, active
    $q=$mysql->query("select * from $BRANDS_TABLE where id='$id'");
    if ($mysql->numRows($q)>0) {
      $read=$mysql->fetch($q);
      $title=$prep->html($read['title']);
      $order=$prep->html($read['order']);
      $image=$prep->html($read['image']);
      $active=$read['active'];
      $title=str_replace("'","\'",$title);

      $out="$('#title').val('$title');";
      $out.="$('#save').val('Markayı Güncelle');";
      $out.="$('#do').val('update');";
      $out.="$('#order').val('$order');";
      $out.="$('#brandimg').remove();";
      $out.="$('#image').before('<img src=\"img/brands/$image\" id=\"brandimg\" />');";
      $out.="$('#id').val('$id');";
      if ($active!='1') $out.="$('#active').attr('checked','');";
      echo $out;
    }
    else echo 'alert("geçersiz işlem");';
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='itemedit') { # item.php
  if ($id>0) {
    $valid->inRange($title,100,1,'Ürün başlığı doldurulmalı ve en fazla 100 karakter olmalıdır.');
    $valid->inRange($info,255,1,'Ürün açıklaması doldurulmalı ve en fazla 255 karakter olmalıdır.');
    $valid->inRange($content,65000,1,'Ürün içeriği doldurulmalı ve en fazla 65000 karakter olmalıdır.');
    $valid->inRange($order,3,1,'Sıra doldurulmalı ve en fazla 5 karakter olmalıdır.');
    $valid->isNumber($order,'Sıra sadece rakam olmalıdır.');
    if ($valid->isError()) $valid->listErrors();
    else {
      if (!$home) $home=0;
      if (!$new) $new=0;
      if (!$show_price) $show_price=0;
      if (!$active) $active=0;
      $name=makeNicer($title);
      $name=checkNiceName($name,$ITEMS_TABLE,'update',$id);
      $image='';
      if ($photo=='1') $image=",image=''";

      foreach ($_POST as $key=>$val) $_POST[$key]=$mysql->escape($val);
      extract($_POST,EXTR_OVERWRITE);
     //id, item, summary, info, name, home, new, lang, show_price, xml_code, image, date, brand_id, active, order, stock
      $q=$mysql->query("update $ITEMS_TABLE set item='$title',summary='$info',info='$content',name='$name',home='$home',new='$new',"
                      ."lang='$lang',xml_code='$xml_code'$image,brand_id='$brand',active='$active',`order`='$order' where id='$id'");

      if ($q) {
        if ($photo=='1') {
          unlink("../img/$main_image");
          unlink("../img/big/$main_image");
          unlink("../img/mid/$main_image");
        }

        if ($cats!='0') {
          $mysql->query("delete from $ITEM_CATS_TABLE where item_id='$id' and `primary`='0'");
          $cats=explode(',',$cats);
          foreach ($cats as $cat) $mysql->query("insert into $ITEM_CATS_TABLE values('','$id','$cat','0')");
        }
        echo "Ürün bilgileri güncellendi";
      }
      else echo "Ürün güncellenemedi".$mysql->mysqlRaiseError();
    }
  }
  else echo "geçersiz işlem";
}
elseif ($do=='itemdel') { # item.php
  $id=@(int)$_POST['id'];
  if ($id>0) {
    $mysql->query("delete from $ITEM_PRICES_TABLE where item_id='$id'");
    $mysql->query("delete from $ITEM_CATS_TABLE where item_id='$id'");
    $q=$mysql->query("select image from $IMAGES_TABLE where item_id='$id'");
    while ($read=$mysql->fetch($q)) {
      $image=$read['image'];
      unlink("../img/$image");
      unlink("../img/big/img/$image");
      unlink("../img/mid/img/$image");
    }
    $mysql->query("delete from $IMAGES_TABLE where item_id='$id'");
    $q=$mysql->query("select id from $BASKET_TABLE where item_id='$id'");
    while ($read=$mysql->fetch($q)) {
    	$item_id=$read['id'];
      $mysql->query("update $ORDERS_TABLE set basket_ids=replace(basket_ids,'|$item_id','');");
      $mysql->query("update $ORDERS_TABLE set basket_ids=replace(basket_ids,'$item_id|','');");
    }
    $mysql->query("delete from $BASKET_TABLE where item_id='$id'");
    $q=$mysql->query("select image from $ITEMS_TABLE where id='$id'");
    $image=$mysql->result($q,'image');
    if (!empty($image)) {
      unlink("../img/$image");
      unlink("../img/big/img/$image");
      unlink("../img/mid/img/$image");
    }

    $q=$mysql->query("delete from $ITEMS_TABLE where id='$id'");
    if ($q) echo 'Ürün silindi!';
    else echo 'Hata oluştu!';
  }
  else echo 'geçersiz işlem';
}
elseif ($do=='pricedel') { # item.php
  if ($id>0) {
    $q=$mysql->query("delete from $ITEM_PRICES_TABLE where id='$id'");
    if (!$q) echo 'alert("hata");';
    else {
      $q=$mysql->query("select id from $BASKET_TABLE where price_id='$id'");
      while ($read=$mysql->fetch($q)) {
      	$item_id=$read['id'];
        $mysql->query("update $ORDERS_TABLE set basket_ids=replace(basket_ids,'|$item_id','');");
        $mysql->query("update $ORDERS_TABLE set basket_ids=replace(basket_ids,'$item_id|','');");
      }
      $mysql->query("delete from $BASKET_TABLE where price_id='$id'");
      echo 'alert("Fiyat silindi");';
      echo '$("#price_'.$id.'").remove();';
    }

  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='img_del') { # item.php
  if ($id>0) {
    $q=$mysql->query("select image from $IMAGES_TABLE where id='$id'");
    while ($read=$mysql->fetch($q)) {
      $img=$read['image'];
      unlink("../img/$img");
      unlink("../img/big/img/$img");
      unlink("../img/mid/img/$img");
    }

    $q=$mysql->query("delete from $IMAGES_TABLE where id='$id'");
    if (!$q) echo 'alert("hata");';
    else {
      echo 'alert("Ürün Fotoğrafı Silindi");';
      echo '$("a[id=\''.$id.'\']").remove();';
      echo '$("#img_'.$id.'").remove();';
    }
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='priceedit') { # item.php
  if ($id>0) {
    $id=(int)$id;
    // id, item_id, exchange_id, price, info, campaign, campaign_price, active, vat, t_price, date, xml_code
    $q=$mysql->query("select * from $ITEM_PRICES_TABLE where id='$id'");
    if (!$q) echo 'alert("hata");';
    else {
      $read=$mysql->fetch($q);

      echo '$("#itempriceadd").slideDown();';
      echo '$("#pricebutton").val(" Fiyatı Güncelle ");';
      echo '$("#what").val("update");';
      echo '$("#price_id").val("'.$id.'");';
      echo '$("#price").val("'.$prep->html($read['price']).'");';
      echo '$("#pinfo").val("'.$prep->html($read['info']).'");';
      echo '$("#campaign_price").val("'.$prep->html($read['campaign_price']).'");';
      echo '$("#vat").val("'.$prep->html($read['vat']).'");';
      echo '$("#pxml_code").val("'.$prep->html($read['xml_code']).'");';
      if ($read['active']=='1') echo '$("#pactive").attr("checked","checked");';
      else echo '$("#pactive").attr("checked","");';
      if ($read['campaign']=='1') echo '$("#campaign").attr("checked","checked");';
      else echo '$("#campaign").attr("checked","");';
      echo 'optionSelect("exhange_id","'.$read['exchange_id'].'");';
    }
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='itemprice') { # item.php
  if($id>0&&$exhange_id>0&&!empty($what)) {
    if ($what=='add') { # yeni fiyat ekledi
      $price=str_replace(',','.',$price);
      $vat=str_replace(',','.',$vat);
      $campaign_price=str_replace(',','.',$campaign_price);
      $valid->isNumber($price,'Geçerli bir fiyat giriniz.');
      $valid->isEmpty($info,'Fiyat açıklamasını boş bırakmazsınız');
      $valid->isNumber($vat,'Geçerli bir KDV giriniz.');
      if ($campaign) $valid->isNumber($campaign_price,'Geçerli bir kampanya fiyatı giriniz.');
      if ($valid->isError()) {
        $errors=$valid->getErrors();
        $out='';
        foreach ($errors as $error) $out.="$error\n";
        echo "alert('$out')";
      }
      else {
        if (!$campaign) $campaign=0;
        if (!$campaign_price) $campaign_price=0;
        if (!$active) $active=0;
        if (!$xml_code) $xml_code=0;
        $date=time()+(60*$TIME_CORRECTION);
        //id, item_id, exchange_id, price, info, campaign, campaign_price, active, vat, t_price, date, xml_code
        foreach ($_POST as $key=>$val) $_POST[$key]=$mysql->escape($val);
        extract($_POST,EXTR_OVERWRITE);
        $price=str_replace(',','.',$price);
        $vat=str_replace(',','.',$vat);
        $campaign_price=str_replace(',','.',$campaign_price);

        $q=$mysql->query("insert into $ITEM_PRICES_TABLE values('','$id','$exhange_id','$price','$info','$campaign','$campaign_price','$active','$vat','0','$date','$xml_code')");
        if (!$q) echo 'alert("Hata!");';
        else {
          $pid=$mysql->lastId;
          $q=$mysql->query("select name from $EXCHANGES_TABLE where id='$exhange_id'");
          $ename=$mysql->result($q,'name');

          $basket_link='index.php?page=basket&id='.$id.'&pid='.$pid;
          if ($active=='1') $active='<img src="template/img/active.gif" title="Fiyat Aktif" />';
          else $active='<img src="template/img/notactive.gif" title="Fiyat Aktif Değil" />';

          $price="$price $ename +KDV";
          if ($campaign_price>0&&$campaign) {
            $campaign='<img src="template/img/kampanya.gif" align="left" />';
            $price="<s>$price</s> yerine $campaign_price $ename +KDV";
          }
          else $campaign='';

          $info=$prep->html($info);
          $priceList.="<tr id=\"price_$pid\">";
          $priceList.='<td><img src="template/img/delete.gif" title="Fiyatı Sil" onclick="removePrice('.$pid.');" /> ';
          $priceList.='<img src="template/img/edit.gif" title="Fiyatı Düzenle" onclick="editPrice('.$pid.');" class="imglist" /> '.$active.'</td>';
          $priceList.="<td height=\"30px\">$info</td><td>$campaign $price</td><td>";
          //if (strstr('n',$active)) $priceList.="<a rel=\"shadowbox;width=760;height=555\" title=\"Sepetim\" href=\"$basket_link\">Sepete Ekle</a>";
          $priceList.="</td></tr>";
          $priceList=str_replace(array("\r\n","\r","\n"),array('','',''),$priceList);

          echo 'alert("Ürüne Fiyat Eklendi");';
          echo '$("#price").val("");';
          echo '$("#pinfo").val("");';
          echo '$("#campaign").attr("checked","");';
          echo '$("#campaign_price").val("");';
          echo '$("#pactive").attr("checked","checked");';
          echo '$("#vat").val("18");';
          echo '$("#pxml_code").val("");';
          echo '$("#pricelist tbody").append(\''.$priceList.'\');';
        } // else
      } // else
    }
    elseif ($what=='update'&&(int)$price_id>0) {  # fiyatı güncelle
      $price=str_replace(',','.',$price);
      $vat=str_replace(',','.',$vat);
      $campaign_price=str_replace(',','.',$campaign_price);
      $valid->isNumber($price,'Geçerli bir fiyat giriniz.');
      $valid->isEmpty($info,'Fiyat açıklamasını boş bırakmazsınız');
      $valid->isNumber($vat,'Geçerli bir KDV giriniz.');
      if ($campaign) $valid->isNumber($campaign_price,'Geçerli bir kampanya fiyatı giriniz.');
      if ($valid->isError()) {
        $errors=$valid->getErrors();
        $out='';
        foreach ($errors as $error) $out.="$error\n";
        echo "alert('$out')";
      }
      else {
        if (!$campaign) $campaign=0;
        if (!$campaign_price) $campaign_price=0;
        if (!$active) $active=0;
        if (!$xml_code) $xml_code=0;
        $date=time()+(60*$TIME_CORRECTION);
        //id, item_id, exchange_id, price, info, campaign, campaign_price, active, vat, t_price, date, xml_code
        foreach ($_POST as $key=>$val) $_POST[$key]=$mysql->escape($val);
        extract($_POST,EXTR_OVERWRITE);
        $price=str_replace(',','.',$price);
        $vat=str_replace(',','.',$vat);
        $campaign_price=str_replace(',','.',$campaign_price);

        $q=$mysql->query("update $ITEM_PRICES_TABLE set exchange_id='$exhange_id',price='$price',info='$info',campaign='$campaign',"
                        ."campaign_price='$campaign_price',active='$active',vat='$vat',xml_code='$xml_code' where id='$price_id'");

        if (!$q) echo 'alert("Hata!");';
        else {
          echo 'alert("Fiyat Güncellendi");';
          echo '$("#price").val("");';
          echo '$("#pinfo").val("");';
          echo '$("#campaign").attr("checked","");';
          echo '$("#campaign_price").val("");';
          echo '$("#pactive").attr("checked","checked");';
          echo '$("#vat").val("18");';
          echo '$("#pxml_code").val("");';
        } // else
      } // else
    }
    else echo 'alert("geçersiz işlem...");';
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='changelevel') { # users.php
  $level=(int)$level;
  foreach ($user as $user_id) {
    $mysql->query("update $USERS_TABLE set level='$level' where id='$user_id'");
  }
  echo "Kullanıcı seviyeleri güncellendi";
}
elseif ($do=='userdel') { # users.php
  $users=@$_POST['user'];
  if (is_array($users)) {
    foreach ($users as $id) {
      $id=(int)$id;
      if ($id>0&&$id!=getActiveUser('id')) {
        $mysql->query("delete from $USERS_TABLE where id='$id'");
        $mysql->query("delete from $ORDERS_TABLE where user_id='$id'");
        $mysql->query("delete from $BASKET_TABLE where user_id='$id'");
      }
    }
    echo 'alert("Seçilen kullanıcılar silindi");$("#id_'.$id.'").remove();';
  }
  else echo 'alert("geçersiz işlem");';
}
elseif ($do=='order_del') { # waiting_orders.php
  $del=@$_POST['del'];
  if (empty($del)||!is_array($del)) echo 'alert("Geçersiz işlem");';
  else {
    foreach ($del as $id) { # silinecek idler
      $id=(int)$id;
      /* sepetteki ürünleri sil */
      $q=$mysql->query("select basket_ids from $ORDERS_TABLE where id='$id'");
      $basket_ids=$mysql->result($q,'basket_ids');
      if (strstr($basket_ids,'|')) $basket_ids=explode('|',$basket_ids);
      if (is_array($basket_ids)) {
        foreach ($basket_ids as $bid) $mysql->query("delete from $BASKET_TABLE where id='$bid'");
      }
      else $mysql->query("delete from $BASKET_TABLE where id='$basket_ids'");
      /* /sepetteki ürünleri sil */

      $q=$mysql->query("delete from $ORDERS_TABLE where id='$id'");
      if ($q) echo '$("#order_'.$id.'").remove();';
      else {
        echo 'alert("Sipariş silinirken hata oluştu, daha sorna tekrar deneyin.");';
        break;
      }
    } // foreach
  } // else
}
elseif ($do=='order_ok') { # waiting_orders.php
  $id=@(int)$_POST['id'];
  $note=@$_POST['note'];
  if (empty($id)) echo 'alert("geçersiz işlem");';
  else {
    $date=time()+(60*$TIME_CORRECTION);
    // id, basket_ids, buy, buy_date, send, send_date, address, order_note, admin_note, user_id, total
    $note=$mysql->escape($note);
    $q=$mysql->query("update $ORDERS_TABLE set send='1',send_date='$date',admin_note='$note'");
    if ($q) echo '$("#order_'.$id.'").remove();';
    else echo 'alert("Sipariş onaylanırken hata oluştu, daha sorna tekrar deneyin.");';
  }
}
elseif ($do=='module') {
  $hook->ajax();
}

$mysql->destructor();
$prep->destructor();
$valid->destructor();
?>